npm - securenow - Versions diffs - 8.7.0 → 8.9.0 - Mend

securenow 8.7.0 → 8.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/cli/security.js CHANGED Viewed

@@ -48,9 +48,21 @@ async function alertRulesRoute(args, flags) {
   if (sub === 'set-sql' || sub === 'edit-sql') {
     return alertRuleSetSql(args.slice(1), flags);
   }
+  if (sub === 'versions' || sub === 'history') {
+    return alertRuleVersions(args.slice(1), flags);
+  }
+  if (sub === 'version') {
+    return alertRuleVersionShow(args.slice(1), flags);
+  }
+  if (sub === 'rollback' || sub === 'revert') {
+    return alertRuleRollback(args.slice(1), flags);
+  }
   if (sub === 'delete' || sub === 'rm' || sub === 'remove') {
     return alertRuleDelete(args.slice(1), flags);
   }
+  if (sub === 'duplicate' || sub === 'clone') {
+    return alertRuleDuplicate(args.slice(1), flags);
+  }
   if (sub === 'test') {
     return alertRuleTest(args.slice(1), flags);
   }
@@ -111,6 +123,52 @@ async function alertRuleSetMode(args, flags, mode) {
   else ui.info('Detect-only — no mitigation will act. Promote when confident: securenow alerts rules promote <id>');
 }
+// Duplicate any rule (including a read-only system template) into a new CUSTOM rule you
+// own. System rules are view-only examples — fork one with this to enable / edit it. The
+// copy defaults to Disabled (opt in with --enable / --status active); SQL, instant.block,
+// schedule, scope, and mode are copied from the source.
+async function alertRuleDuplicate(args, flags) {
+  requireAuth();
+  const id = args[0];
+  if (!id) {
+    ui.error('Usage: securenow alerts rules duplicate <rule-id> [--enable] [--status active|disabled|paused] [--name "..."] [--mode test|prod]');
+    process.exit(1);
+  }
+  const body = {};
+  if (flags.enable) body.status = 'Active';
+  else if (flags.disable) body.status = 'Disabled';
+  else if (flags.pause) body.status = 'Paused';
+  else if (flags.status) {
+    const s = String(flags.status).toLowerCase();
+    body.status = s === 'active' ? 'Active' : s === 'paused' ? 'Paused' : 'Disabled';
+  }
+  if (flags.name) body.name = String(flags.name);
+  if (flags.mode === 'test' || flags.mode === 'prod') body.mode = flags.mode;
+  const spin = ui.spinner(`Duplicating ${ui.truncate(id, 12)}`);
+  let data;
+  try {
+    data = await api.post(`/alert-rules/${id}/duplicate`, body);
+    spin.stop('Duplicated');
+  } catch (err) {
+    spin.fail(`Failed to duplicate: ${err.message}`);
+    process.exit(1);
+  }
+  if (flags.json) { ui.json(data); return; }
+  const r = data.alertRule || {};
+  const newId = r.id || r._id || '';
+  console.log('');
+  ui.success(`Created custom rule ${newId}`);
+  console.log(`  Name        ${r.name || ''}`);
+  console.log(`  Status      ${r.status || ''}`);
+  console.log(`  Mode        ${r.mode || ''}`);
+  console.log(`  Exec mode   ${r.executionMode || ''}`);
+  console.log(`  Custom      ${r.isSystem ? 'NO — still a system rule (unexpected)' : 'yes (editable / enable-able)'}`);
+  if (data.duplicatedFromSystem) ui.info('Forked from a read-only system template — edit or enable this custom copy freely.');
+  if (r.status !== 'Active') ui.info(`Disabled by default. Enable with: securenow alerts rules update ${newId} --enable`);
+}
 async function alertRulesList(args, flags) {
   requireAuth();
   // Server-side filters (API supports ?mode/status/active/isSystem).
@@ -415,6 +473,113 @@ async function alertRuleSetSql(args, flags) {
   }
 }
+// List a rule's configuration version history (newest first). Each material update (SQL,
+// instant config, settings), duplicate, and rollback is a version; rollback restores a
+// prior snapshot and is itself recorded as a new version.
+async function alertRuleVersions(args, flags) {
+  requireAuth();
+  const id = args[0];
+  if (!id) {
+    ui.error('Usage: securenow alerts rules versions <rule-id> [--limit N] [--page N]');
+    process.exit(1);
+  }
+  const query = {};
+  if (flags.limit) query.limit = flags.limit;
+  if (flags.page) query.page = flags.page;
+  const s = ui.spinner('Fetching version history');
+  let data;
+  try {
+    data = await api.get(`/alert-rules/${id}/versions`, Object.keys(query).length ? { query } : undefined);
+    s.stop(`Found ${data.total ?? (data.versions || []).length} version${(data.total ?? 0) === 1 ? '' : 's'}`);
+  } catch (err) {
+    s.fail(`Failed to fetch versions: ${err.message}`);
+    process.exit(1);
+  }
+  if (flags.json) { ui.json(data); return; }
+  const rows = data.versions || [];
+  if (rows.length === 0) { ui.info('No versions recorded yet.'); return; }
+  console.log('');
+  ui.info(`Current: v${data.currentVersion}`);
+  for (const v of rows) {
+    const marker = v.isCurrent ? ui.c.green('→') : ' ';
+    const when = v.createdAt ? new Date(v.createdAt).toISOString().replace('T', ' ').slice(0, 19) : '';
+    const extra = v.changeType === 'rollback' && v.rolledBackFrom ? ` (from v${v.rolledBackFrom})` : '';
+    console.log(`${marker} ${ui.c.bold('v' + v.version).padEnd(14)} ${String(v.changeType + extra).padEnd(22)} ${ui.c.dim(when)}  ${v.createdByName || ''}`);
+    if (v.reason) console.log(`     ${ui.c.dim(ui.truncate(v.reason, 90))}`);
+  }
+  console.log('');
+  ui.info(`Show: securenow alerts rules version ${ui.truncate(id, 12)} <n>   |   Roll back: securenow alerts rules rollback ${ui.truncate(id, 12)} <n>`);
+}
+// Show one version's full material snapshot (diff-able SQL / instant / settings).
+async function alertRuleVersionShow(args, flags) {
+  requireAuth();
+  const id = args[0];
+  const version = args[1];
+  if (!id || !version) {
+    ui.error('Usage: securenow alerts rules version <rule-id> <version-number>');
+    process.exit(1);
+  }
+  const s = ui.spinner(`Fetching v${version}`);
+  let data;
+  try {
+    data = await api.get(`/alert-rules/${id}/versions/${version}`);
+    s.stop(`Loaded v${version}`);
+  } catch (err) {
+    s.fail(`Failed: ${err.message}`);
+    process.exit(1);
+  }
+  if (flags.json) { ui.json(data); return; }
+  const v = data.version || {};
+  const snap = v.snapshot || {};
+  console.log('');
+  ui.success(`v${v.version}${v.isCurrent ? ' (current)' : ''} — ${v.changeType}`);
+  console.log(`  When     ${v.createdAt || ''}`);
+  if (v.createdByName) console.log(`  By       ${v.createdByName}`);
+  if (v.reason) console.log(`  Reason   ${v.reason}`);
+  if (v.rolledBackFrom) console.log(`  Restored v${v.rolledBackFrom}`);
+  console.log('');
+  console.log(`  Name     ${snap.name || ''}`);
+  console.log(`  Mode     ${snap.mode || ''} / ${snap.executionMode || ''}   severity ${snap.severity || '-'}`);
+  if (snap.instant && snap.instant.enabled) {
+    console.log(`  Instant  enabled  block=${snap.instant.block}  (${(snap.instant.conditions || []).length} condition${(snap.instant.conditions || []).length === 1 ? '' : 's'})`);
+  }
+  if (snap.query && snap.query.sqlQuery) {
+    console.log('  SQL:');
+    console.log(snap.query.sqlQuery.split('\n').map((l) => '    ' + ui.c.dim(l)).join('\n'));
+  }
+}
+// Roll a rule back to a prior version — restores that version's full snapshot and records it
+// as a new version (append-only history). System (read-only template) rules can't be rolled back.
+async function alertRuleRollback(args, flags) {
+  requireAuth();
+  const id = args[0];
+  const version = args[1] || flags.version;
+  if (!id || !version) {
+    ui.error('Usage: securenow alerts rules rollback <rule-id> <version-number> [--reason "..."] [--yes]');
+    process.exit(1);
+  }
+  if (!flags.yes && !flags.force) {
+    const ok = await ui.confirm(`Roll back rule ${ui.truncate(id, 12)} to v${version}? Restores that config and creates a new version.`);
+    if (!ok) { ui.info('Cancelled'); return; }
+  }
+  const body = { version: Number(version) };
+  if (flags.reason) body.reason = String(flags.reason);
+  const s = ui.spinner(`Rolling back to v${version}`);
+  let data;
+  try {
+    data = await api.post(`/alert-rules/${id}/rollback`, body);
+    s.stop(`Rolled back to v${version}`);
+  } catch (err) {
+    s.fail(`Failed to roll back: ${err.message}`);
+    process.exit(1);
+  }
+  if (flags.json) { ui.json(data); return; }
+  ui.success(`Restored from v${data.rolledBackFrom} → now at v${data.newVersion}`);
+  ui.info(`History: securenow alerts rules versions ${ui.truncate(id, 12)}`);
+}
 async function alertRuleDelete(args, flags) {
   requireAuth();
   const id = args[0];
@@ -918,6 +1083,58 @@ async function blocklistRemove(args, flags) {
   }
 }
+// Approve a block that the AI prepared but parked pending customer approval
+// (e.g. the autopilot held it under block_risk_score_below_policy). Enforces the IP.
+async function blocklistApprove(args, flags) {
+  requireAuth();
+  const id = args[0];
+  if (!id) {
+    ui.error('Usage: securenow blocklist approve <pending-block-id> [--reason <reason>] [--yes]');
+    process.exit(1);
+  }
+  if (!flags.force && !flags.yes) {
+    const ok = await ui.confirm('Approve this pending block? The IP will be enforced by the firewall.');
+    if (!ok) { ui.info('Cancelled'); return; }
+  }
+  const s = ui.spinner('Approving pending block');
+  try {
+    const body = {};
+    if (flags.reason) body.reason = flags.reason;
+    const data = await api.post(`/blocklist/${id}/approve`, body);
+    s.stop('Pending block approved — IP now enforced');
+    if (flags.json) ui.json(data);
+  } catch (err) {
+    s.fail('Failed to approve pending block');
+    throw err;
+  }
+}
+// Reject a pending block: the IP is NOT blocked, the entry is removed, and a scoped
+// no-block decision is recorded so auto-block won't re-block this IP for the same rule.
+async function blocklistReject(args, flags) {
+  requireAuth();
+  const id = args[0];
+  if (!id) {
+    ui.error('Usage: securenow blocklist reject <pending-block-id> [--reason <reason>] [--yes]');
+    process.exit(1);
+  }
+  if (!flags.force && !flags.yes) {
+    const ok = await ui.confirm('Reject this pending block? The IP will NOT be blocked; a scoped no-block decision is recorded for the rule that proposed it.');
+    if (!ok) { ui.info('Cancelled'); return; }
+  }
+  const s = ui.spinner('Rejecting pending block');
+  try {
+    const body = {};
+    if (flags.reason) body.reason = flags.reason;
+    const data = await api.post(`/blocklist/${id}/reject`, body);
+    s.stop('Pending block rejected — IP cleared (scoped no-block decision recorded)');
+    if (flags.json) ui.json(data);
+  } catch (err) {
+    s.fail('Failed to reject pending block');
+    throw err;
+  }
+}
 async function blocklistStats(args, flags) {
   requireAuth();
   const s = ui.spinner('Fetching blocklist stats');
@@ -1617,6 +1834,8 @@ module.exports = {
   blocklistList,
   blocklistAdd,
   blocklistRemove,
+  blocklistApprove,
+  blocklistReject,
   blocklistStats,
   revokeRoute,
   allowlistList,